Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.python > #16022 > unrolled thread

python-mkdocs new version coordination

Back to article view | Back to linux.debian.maint.python

Contents

  python-mkdocs new version coordination Otto Kekäläinen <otto@debian.org> - 2024-07-13 18:50 +0200
    Re: python-mkdocs new version coordination Carsten Schoenert <c.schoenert@t-online.de> - 2024-07-13 19:00 +0200
    mkdocs and tracking Salvo Tomaselli <tiposchi@tiscali.it> - 2024-07-14 00:30 +0200
      Re: mkdocs and tracking weepingclown <weepingclown@disroot.org> - 2024-07-14 04:40 +0200
        Re: mkdocs and tracking weepingclown <weepingclown@disroot.org> - 2024-07-14 04:40 +0200
      Re: mkdocs and tracking Andrey Rakhmatullin <wrar@debian.org> - 2024-07-14 11:40 +0200
        Re: mkdocs and tracking Salvo Tomaselli <tiposchi@tiscali.it> - 2024-07-14 13:10 +0200
      Re: mkdocs and tracking Dmitry Shachnev <mitya57@debian.org> - 2024-07-14 12:50 +0200
        Re: mkdocs and tracking Salvo Tomaselli <tiposchi@tiscali.it> - 2024-07-14 14:10 +0200
          Re: mkdocs and tracking Andrey Rakhmatullin <wrar@debian.org> - 2024-07-14 14:30 +0200
            Re: mkdocs and tracking Salvo Tomaselli <tiposchi@tiscali.it> - 2024-07-14 14:50 +0200
              Re: mkdocs and tracking Otto Kekäläinen <otto@debian.org> - 2024-07-20 18:50 +0200
    Re: python-mkdocs new version coordination Brian May <bam@debian.org> - 2024-07-14 01:30 +0200

#16022 — python-mkdocs new version coordination

Hi Brian, Nick and Carsten!

Are you OK that I upload a new python-mkdocs version together with Ahmed (CCd)?

Asking to avoid duplicate work with you who are marked as
maintainer/uploader/recent committed.

We will do the work at
https://salsa.debian.org/python-team/packages/python-mkdocs following
Python team conventions.

- Otto

[toc] | [next] | [standalone]

#16023

Hello Otto,

Am 13.07.24 um 18:40 schrieb Otto Kekäläinen:
> Hi Brian, Nick and Carsten!
> 
> Are you OK that I upload a new python-mkdocs version together with Ahmed (CCd)?
> 
> Asking to avoid duplicate work with you who are marked as
> maintainer/uploader/recent committed.
> 
> We will do the work at
> https://salsa.debian.org/python-team/packages/python-mkdocs following
> Python team conventions.
I'm not hardly addicted to the mkdocs package so if you want to work on 
this that's fine to me.

I worked on version 1.6.0 the past weeks from time to time.

You are aware of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072850?

I think the technical packaging in my eyes isn't the real and final 
issue. But I'm fine if someones wants to prove me wrong. Currently I 
don't have time until DC in Busan to work more on this.

-- 
Regards
Carsten

[toc] | [prev] | [next] | [standalone]

#16024 — mkdocs and tracking

[Multipart message — attachments visible in raw view] — view raw

Sorry for the OT, but should we consider patching mkdocs themes to stop 
linking to external websites (mostly cloudflare) for static assets?

This has been used to create security vulnerabilities recently (see for the 
polyfill situation).

I use mkdocs and I have code to automatically download with wget and then use 
sed to replace those. But I think it would be saner if it was the norm 
instead. Also because adblockers complain about their presence.

In data sabato 13 luglio 2024 18:40:14 CEST, Otto Kekäläinen ha scritto:
> Hi Brian, Nick and Carsten!
> 
> Are you OK that I upload a new python-mkdocs version together with Ahmed
> (CCd)?
> 
> Asking to avoid duplicate work with you who are marked as
> maintainer/uploader/recent committed.
> 
> We will do the work at
> https://salsa.debian.org/python-team/packages/python-mkdocs following
> Python team conventions.
> 
> - Otto


-- 
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di
senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
                -- Galileo Galilei

https://ltworf.codeberg.page/

[toc] | [prev] | [next] | [standalone]

#16026 — Re: mkdocs and tracking

That'd be a nice thing to do. I believe there will already be privacy-beach-generic complaints by lintian. The worst part is that they end up appearing in all rdeps IIRC.

Best,
Ananthu

On 13 July 2024 10:19:43 pm UTC, Salvo Tomaselli <tiposchi@tiscali.it> wrote:
>Sorry for the OT, but should we consider patching mkdocs themes to stop 
>linking to external websites (mostly cloudflare) for static assets?
>
>This has been used to create security vulnerabilities recently (see for the 
>polyfill situation).
>

[toc] | [prev] | [next] | [standalone]

#16027 — Re: mkdocs and tracking

[Multipart message — attachments visible in raw view] — view raw

err, privacy breach*

On 14 July 2024 2:29:46 am UTC, weepingclown <weepingclown@disroot.org> wrote:
>That'd be a nice thing to do. I believe there will already be privacy-beach-generic complaints by lintian. The worst part is that they end up appearing in all rdeps IIRC.
>
>Best,
>Ananthu
>
>On 13 July 2024 10:19:43 pm UTC, Salvo Tomaselli <tiposchi@tiscali.it> wrote:
>>Sorry for the OT, but should we consider patching mkdocs themes to stop 
>>linking to external websites (mostly cloudflare) for static assets?
>>
>>This has been used to create security vulnerabilities recently (see for the 
>>polyfill situation).
>>

[toc] | [prev] | [next] | [standalone]

#16029 — Re: mkdocs and tracking

[Multipart message — attachments visible in raw view] — view raw

On Sun, Jul 14, 2024 at 12:19:43AM +0200, Salvo Tomaselli wrote:
> Sorry for the OT, but should we consider patching mkdocs themes to stop 
> linking to external websites (mostly cloudflare) for static assets?
> 
> This has been used to create security vulnerabilities recently (see for the 
> polyfill situation).

Do mkdocs themes also download code to execute or just images?
If the former then yes it should be patched out.

-- 
WBR, wRAR

[toc] | [prev] | [next] | [standalone]

#16031 — Re: mkdocs and tracking

[Multipart message — attachments visible in raw view] — view raw

> Do mkdocs themes also download code to execute or just images?
> If the former then yes it should be patched out.

css and js it seems.

$ cat *html | grep cloudflare
        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/
highlight.js/11.8.0/styles/github.min.css" />
      <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/
highlight.min.js"></script>

I'm using the "readthedocs" theme, which is part of the mkdocs package.


-- 
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di
senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
                -- Galileo Galilei

https://ltworf.codeberg.page/

[toc] | [prev] | [next] | [standalone]

#16030 — Re: mkdocs and tracking

[Multipart message — attachments visible in raw view] — view raw

Hi Salvo!

On Sun, Jul 14, 2024 at 12:19:43AM +0200, Salvo Tomaselli wrote:
> Sorry for the OT, but should we consider patching mkdocs themes to stop 
> linking to external websites (mostly cloudflare) for static assets?

dh_mkdocs supports replacing highlight.js from cloudflare with the packaged
version [1]. Perhaps you can make it replace more libraries the same way.

[1]: https://salsa.debian.org/python-team/packages/python-mkdocs/-/blob/debian/master/debian/scripts/dh_mkdocs?ref_type=heads#L148-L149

--
Dmitry Shachnev

[toc] | [prev] | [next] | [standalone]

#16032 — Re: mkdocs and tracking

[Multipart message — attachments visible in raw view] — view raw

> dh_mkdocs supports replacing highlight.js from cloudflare with the packaged
> version [1]. Perhaps you can make it replace more libraries the same way.

I was aware of it but it doesn't really help me if I'm generating html and 
publishing it using mkdocs.

That's only for generating -doc packages

-- 
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di
senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
                -- Galileo Galilei

https://ltworf.codeberg.page/

[toc] | [prev] | [next] | [standalone]

#16033 — Re: mkdocs and tracking

[Multipart message — attachments visible in raw view] — view raw

On Sun, Jul 14, 2024 at 02:07:59PM +0200, Salvo Tomaselli wrote:
> > dh_mkdocs supports replacing highlight.js from cloudflare with the packaged
> > version [1]. Perhaps you can make it replace more libraries the same way.
> 
> I was aware of it but it doesn't really help me if I'm generating html and 
> publishing it using mkdocs.

That's something for the upstream to change.


-- 
WBR, wRAR

[toc] | [prev] | [next] | [standalone]

#16034 — Re: mkdocs and tracking

[Multipart message — attachments visible in raw view] — view raw

> That's something for the upstream to change.

I think it'd be completely fair to patch it.

They are aware of the issue for years but it's still open
https://github.com/mkdocs/mkdocs/issues/2171

-- 
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di
senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
                -- Galileo Galilei

https://ltworf.codeberg.page/

[toc] | [prev] | [next] | [standalone]

#16054 — Re: mkdocs and tracking

[Multipart message — attachments visible in raw view] — view raw

Hi Salvo!

Can you please file this request as a Debian bug?

I am planning to update the package with Ahmed, and we can look into
patching the external asset loading, and I can teach Ahmed how to close
bugs via changelog etc

Thanks!

[toc] | [prev] | [next] | [standalone]

#16025

Otto Kekäläinen <otto@debian.org> writes:

> Are you OK that I upload a new python-mkdocs version together with
> Ahmed (CCd)?

Fine with me, I haven't had a lot of time for Debian lately.
-- 
Brian May @ Debian

[toc] | [prev] | [standalone]

Back to top | Article view | linux.debian.maint.python

csiph-web